











    <!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="Content-Language" content="en">
        <meta name="viewport" content="initial-scale=1">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="referrer" content="never">
        <meta name="robots" content="noindex">
        <title>Acunetix Report</title>
        <style>
/* region Normalize */
/*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */
html {
    font-family: sans-serif;
    -webkit-text-size-adjust: 100%;
    -ms-text-size-adjust: 100%;
}

body {
    margin: 0;
}

article,
aside,
details,
figcaption,
figure,
footer,
header,
hgroup,
main,
menu,
nav,
section,
summary {
    display: block;
}

audio,
canvas,
progress,
video {
    display: inline-block;
    vertical-align: baseline;
}

audio:not([controls]) {
    display: none;
    height: 0;
}

[hidden],
template {
    display: none;
}

a {
    background-color: transparent;
}

a:active,
a:hover {
    outline: 0;
}

abbr[title] {
    border-bottom: 1px dotted;
}

b,
strong {
    font-weight: bold;
}

dfn {
    font-style: italic;
}

h1 {
    margin: .67em 0;
    font-size: 2em;
}

mark {
    color: #000;
    background: #ff0;
}

small {
    font-size: 80%;
}

sub,
sup {
    position: relative;
    font-size: 75%;
    line-height: 0;
    vertical-align: baseline;
}

sup {
    top: -.5em;
}

sub {
    bottom: -.25em;
}

img {
    border: 0;
}

svg:not(:root) {
    overflow: hidden;
}

figure {
    margin: 1em 40px;
}

hr {
    height: 0;
    -webkit-box-sizing: content-box;
    -moz-box-sizing: content-box;
    box-sizing: content-box;
}

pre {
    overflow: auto;
}

code,
kbd,
pre,
samp {
    font-family: monospace, monospace;
    font-size: 1em;
}

button,
input,
optgroup,
select,
textarea {
    margin: 0;
    font: inherit;
    color: inherit;
}

button {
    overflow: visible;
}

button,
select {
    text-transform: none;
}

button,
html input[type="button"],
input[type="reset"],
input[type="submit"] {
    -webkit-appearance: button;
    cursor: pointer;
}

button[disabled],
html input[disabled] {
    cursor: default;
}

button::-moz-focus-inner,
input::-moz-focus-inner {
    padding: 0;
    border: 0;
}

input {
    line-height: normal;
}

input[type="checkbox"],
input[type="radio"] {
    -webkit-box-sizing: border-box;
    -moz-box-sizing: border-box;
    box-sizing: border-box;
    padding: 0;
}

input[type="number"]::-webkit-inner-spin-button,
input[type="number"]::-webkit-outer-spin-button {
    height: auto;
}

input[type="search"] {
    -webkit-box-sizing: content-box;
    -moz-box-sizing: content-box;
    box-sizing: content-box;
    -webkit-appearance: textfield;
}

input[type="search"]::-webkit-search-cancel-button,
input[type="search"]::-webkit-search-decoration {
    -webkit-appearance: none;
}

fieldset {
    padding: .35em .625em .75em;
    margin: 0 2px;
    border: 1px solid #c0c0c0;
}

legend {
    padding: 0;
    border: 0;
}

textarea {
    overflow: auto;
}

optgroup {
    font-weight: bold;
}

table {
    border-spacing: 0;
    border-collapse: collapse;
}

td,
th {
    padding: 0;
}

/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */
@media print {

    * {
      -webkit-print-color-adjust: exact !important;
      print-color-adjust: exact !important;
    }

    *:before,
    *:after {
        color: #000 !important;
        text-shadow: none !important;
        background: transparent !important;
        -webkit-box-shadow: none !important;
        box-shadow: none !important;
    }

    a,
    a:visited {
        text-decoration: underline;
    }

    a[href]:after {
        content: " (" attr(href) ")";
    }

    abbr[title]:after {
        content: " (" attr(title) ")";
    }

    a[href^="#"]:after,
    a[href^="javascript:"]:after {
        content: "";
    }

    pre,
    blockquote {
        border: 1px solid #999;

        page-break-inside: avoid;
    }

    thead {
        display: table-header-group;
    }

    tr,
    img {
        page-break-inside: avoid;
    }

    img {
        max-width: 100% !important;
    }

    p,
    h2,
    h3 {
        orphans: 3;
        widows: 3;
    }

    h2,
    h3 {
        page-break-after: avoid;
    }

    .navbar {
        display: none;
    }

    .btn > .caret,
    .dropup > .btn > .caret {
        border-top-color: #000 !important;
    }

    .label {
        border: 1px solid #000;
    }

    .table {
        border-collapse: collapse !important;
    }

    .table td,
    .table th {
        background-color: #fff !important;
    }

    .table-bordered th,
    .table-bordered td {
        border: 1px solid #ddd !important;
    }
}

/* endregion Normalize */

/* region Report styles */

/* region For testing purposes only */
@media screen {
    html {
        background-color: #808080;
    }

    body {
        background-color: #ffffff;
        width: 210mm;
        margin-left: auto;
        margin-right: auto;
        height: 100%;
        min-height: 100%;
        padding: .98in .98in .79in .98in;
        box-shadow: 2px 2px 2px #222;
        position: relative;
    }
}

/* endregion For testing purposes only */

/* region Global Styles */
body {
    font-family: sans-serif;
    font-size: 13pt;
}

table {
    table-layout: fixed;
    width: 100%;
    border-collapse: collapse;
}

table > tbody > tr > td {
    padding: 4px 8px;
    border: 1px solid #dadada;
    word-wrap: break-word;
}

table > tbody > tr > td:first-child {
    width: 200px;
}

p {
    word-wrap: break-word;
}

.page-break {
    page-break-before: always;
}

.ax-section-title {
    border-bottom: 1px solid #cccccc;
    padding-bottom: 2px;
    margin-bottom: 10px;
}

.ax-section-title--big {
    border-bottom-width: 3px;
    padding-bottom: 3px;
    padding-top: 30px;
}

/* endregion Global Styles */

/* end region Report styles */

/* region Cover page */


.cover {
    width: 210mm;
    height: 297mm;
    }
.cover > img {
    width: 210mm;
    left: 20mm;
    z-index: -1;
    top: 60mm;
    position: absolute;
    }

.logo {
    position: absolute;
    top: 40px;
    left: 40px;
}

.ax-report__title {
    font-size: 62pt;
    font-weight: bold;
    text-align: left;
    top: 100mm;
    left: 40mm;
    width: 170mm;
    position: absolute;
    height: 70mm;
}


.ax-report__title_compliance {
    font-size: 38pt;
    font-weight: bold;
    text-align: center;
    top: 100mm;
    left: 20mm;
    width: 210mm;
    position: absolute;
    height: 70mm;
}

.ax-report__subtitle {
    text-align: left;
    font-size: 21pt;
    top: 180mm;
    left: 40mm;
    width: 210mm;
    position: absolute;
}

.ax-report__footer {
    border-bottom: 1px solid #cccccc;
    padding-bottom: 10px;
    left: 40mm;
    top: 320mm;
    position: absolute;
    width: 70%;
}

.ax-report__subfooter {
    left: 40mm;
    font-size: 8pt;
    top: 330mm;
    position: absolute;
}

.ax-report__title_date {
    text-align: left;
    left: 40mm;
    font-size: 13pt;
    top: 220mm;
    position: absolute;
}

/* endregion Cover page */


/* region Alert title */

.ax-alert-title {
    box-sizing: border-box;
    border-bottom: 2px solid #cccccc;
    padding-bottom: 3px;
    background-color: gray;
    color: white;
}

/* endregion Alert title */


/* region Severity Indicator*/

.ax-severity-icon {
    display: inline-block;
    width: 16px;
    height: 16px;
    vertical-align: baseline;
    border: none;
    background: url('images/severity.png');
    box-sizing: border-box;
    margin-right: 10px;
    position: relative;
    top: 1px;
}
.ax-severity-icon--high   {background-position: 0 0;}
.ax-severity-icon--medium {background-position: 0 -16px;}
.ax-severity-icon--low    {background-position: 0 -32px;}
.ax-severity-icon--info   {background-position: 0 -48px;}


.ax-alerts-distribution__label > img {margin-right: 5px;}
/* endregion Severity Indicator*/


table.ax-alert-info > tbody > tr > td:first-child {
    background-color: #E3E3E3;
}
table.ax-alert-info > tbody > tr > td.ax-alert-info__severity_value {
    font-weight: bold;
}


.ax-affected-item__highlight--dark { background-color: #cccccc; }
.ax-affected-item__highlight--light { background-color: #eeeeee; }

</style>
    </head>












    <body>
        <img class="logo" src=''/>
        <div class="cover">
            <img src="">
            <div class="page-break ax-report__title">
                Developer Report
            </div>

            <div class="ax-report__subtitle">
                Acunetix Security Audit
            </div>

            <div class="ax-report__title_date">
                27 May 2019
            </div>
            <p>
                <div class="ax-report__footer">
                    Generated by Acunetix
                </div>
            </p>
        </div>












    <h2 class="page-break ax-section-title ax-section-title--big">
    
        Scan of testasp.vulnweb.com
    
</h2>

<h3 class="ax-section-title">
    Scan details
</h3>

<table border="1" class="ax-scan-summary">
<tbody>
    <tr class="ax-scan-summary__section-title"><td colspan="2">Scan information</td></tr>
    
    <tr>
        <td class="ax-column-highlight">Start time</td>
        <td>27/05/2019, 03:47:58</td>
    </tr>
    
    
    <tr>
        <td class="ax-column-highlight">Start url</td>
        <td>http://testasp.vulnweb.com/</td>
    </tr>
    
    
    <tr>
        <td class="ax-column-highlight">Host</td>
        <td>testasp.vulnweb.com</td>
    </tr>
    
    
    <tr>
        <td class="ax-column-highlight">Scan time</td>
        <td>21 minutes, 20 seconds</td>
    </tr>
    
    
    <tr>
        <td class="ax-column-highlight">Profile</td>
        <td>Full Scan</td>
    </tr>
    
    
    <tr class="ax-scan-summary__section-title">
        <td>Server information</td>
        <td>Microsoft-IIS/8.5</td>
    </tr>
    
    
    <tr>
        <td class="ax-column-highlight">Responsive</td>
        <td>True</td>
    </tr>
    
    
    
    <tr>
        <td class="ax-column-highlight">Server OS</td>
        <td>Windows</td>
    </tr>
    
    
    <tr>
        <td class="ax-column-highlight">Server technologies</td>
        <td>
            ASP
        </td>
    </tr>
    
    
    
</tbody>
</table>
<h4 class="ax-section-title">
    Threat level
</h4>

<h4>Acunetix Threat Level 3</h4>

    <p>One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.</p>


<h4 class="ax-section-title">
    Alerts distribution
</h4>

<table border="1" class="ax-alerts-distribution">
    <tr>
        <td class="ax-alerts-distribution__label">Total alerts found</td>
        <td>26</td>
    </tr>
    <tr>
        <td class="ax-alerts-distribution__label ax-alerts-distribution__label--high"><img src="">High</td>
        <td>10</td>
    </tr>
    <tr>
        <td class="ax-alerts-distribution__label ax-alerts-distribution__label--medium"><img src="">Medium</td>
        <td>9</td>
    </tr>
    <tr>
        <td class="ax-alerts-distribution__label ax-alerts-distribution__label--low"><img src="">Low</td>
        <td>4</td>
    </tr>
    <tr>
        <td class="ax-alerts-distribution__label ax-alerts-distribution__label--info"><img src="">Informational</td>
        <td>3</td>
    </tr>
</table>












    <h3 class="page-break ax-section-title">
    Alerts summary
</h3>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Blind SQL Injection
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 6.8<br>
Access Vector: Network_accessible<br>
Access Complexity: Medium<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: Partial<br>
Availability Impact: Partial<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 10.0<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Changed<br>
Confidentiality Impact: High<br>
Integrity Impact: High<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-89</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_92">/Login.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_112">/showforum.asp</a></td>
            <td width="10%">2</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_302">/showthread.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Cross site scripting
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 6.4<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: Partial<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 5.3<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: None<br>
Integrity Impact: Low<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-79</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_89">/Search.asp</a></td>
            <td width="10%">3</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Directory traversal
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 6.8<br>
Access Vector: Network_accessible<br>
Access Complexity: Medium<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: Partial<br>
Availability Impact: Partial<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 5.3<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: Low<br>
Integrity Impact: None<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-22</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_76">/Templatize.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Script source code disclosure
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 5.0<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: None<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-538</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_76">/Templatize.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Weak password
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 7.5<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: Partial<br>
Availability Impact: Partial<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 7.5<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: High<br>
Integrity Impact: None<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-200</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_92">/Login.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    HTML form without CSRF protection
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 2.6<br>
Access Vector: Network_accessible<br>
Access Complexity: High<br>
Authentication: None<br>
Confidentiality Impact: None<br>
Integrity Impact: Partial<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 4.3<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: Required<br>
Scope: Unchanged<br>
Confidentiality Impact: None<br>
Integrity Impact: Low<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-352</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_2">Web Server</a></td>
            <td width="10%">1</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_92">/Login.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_102">/Register.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_89">/Search.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_112">/showforum.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    URL redirection
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 6.4<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: Partial<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 0.0<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: None<br>
Integrity Impact: None<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-601</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_748">/Logout.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    User credentials are sent in clear text
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 5.0<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: None<br>
Availability Impact: None<br>
Exploitability: High<br>
Remediation Level: Workaround<br>
Report Confidence: Confirmed<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 9.1<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: High<br>
Integrity Impact: High<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-310</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_2">Web Server</a></td>
            <td width="10%">1</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_92">/Login.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_102">/Register.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    ASP.NET version disclosure
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 0.0<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: None<br>
Integrity Impact: None<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 7.5<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: High<br>
Integrity Impact: None<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-200</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_2">Web Server</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Clickjacking: X-Frame-Options header missing
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 6.8<br>
Access Vector: Network_accessible<br>
Access Complexity: Medium<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: Partial<br>
Availability Impact: Partial<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-693</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_2">Web Server</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Login page password-guessing attack
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 5.0<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: Partial<br>
Integrity Impact: None<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 5.3<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: None<br>
Integrity Impact: None<br>
Availability Impact: Low<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-307</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_92">/Login.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
        
        <tr>
            <td width="90%"><a href="#link_id_102">/Register.asp</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Content Security Policy (CSP) not implemented
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 0.0<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: None<br>
Integrity Impact: None<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-16</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_2">Web Server</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Microsoft IIS version disclosure
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 0.0<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: None<br>
Integrity Impact: None<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 0.0<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: None<br>
Integrity Impact: None<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-200</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_2">Web Server</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <!--alert_summary-->
<h4 class="ax-section-title ax-section-title--no-border">
    
        <img src="">
    
    Password type input with auto-complete enabled
</h4>
<table>
    <tr><td colspan="2" class="ax-alert-summary__title">Classification</td></tr>
    
        <tr><td>CVSS2</td><td>Base Score: 0.0<br>
Access Vector: Network_accessible<br>
Access Complexity: Low<br>
Authentication: None<br>
Confidentiality Impact: None<br>
Integrity Impact: None<br>
Availability Impact: None<br>
Exploitability: Not_defined<br>
Remediation Level: Not_defined<br>
Report Confidence: Not_defined<br>
Availability Requirement: Not_defined<br>
Collateral Damage Potential: Not_defined<br>
Confidentiality Requirement: Not_defined<br>
Integrity Requirement: Not_defined<br>
Target Distribution: Not_defined<br>
</td></tr>
    
        <tr><td>CVSS3</td><td>Base Score: 7.5<br>
Attack Vector: Network<br>
Attack Complexity: Low<br>
Privileges Required: None<br>
User Interaction: None<br>
Scope: Unchanged<br>
Confidentiality Impact: High<br>
Integrity Impact: None<br>
Availability Impact: None<br>
</td></tr>
    
        <tr><td>CWE</td><td>CWE-200</td></tr>
    
</table>
<table width="100%">
    <tr><td width="90%">Affected items</td><td width="10%">Variation</td></tr>
    
        
        <tr>
            <td width="90%"><a href="#link_id_2">Web Server</a></td>
            <td width="10%">1</td>
        </tr>
        
    
</table>











    <h3 class="page-break ax-section-title">
    Alerts details
</h3>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Blind SQL Injection
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            High
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerScheme/Blind_Sql_Injection.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    An attacker can use SQL injection it to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. SQLi can also be used to add, modify and delete records in a database, affecting data integrity. Under the right circumstances, SQLi can also be used by an attacker to execute OS commands, which may then be used to escalate an attack even further.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Use parameterized queries when dealing with SQL queries that contains user input. Parameterized queries allows the database to understand which parts of the SQL query should be considered as user input, therefore solving SQL injection.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="https://www.acunetix.com/websitesecurity/sql-injection/">SQL Injection (SQLi) - Acunetix</a><br>
    
    <a href="https://www.acunetix.com/websitesecurity/sql-injection2/">Types of SQL Injection (SQLi) - Acunetix</a><br>
    
    <a href="prevent-sql-injection-vulnerabilities-in-php-applications/">Prevent SQL injection vulnerabilities in PHP applications and fix them - Acunetix</a><br>
    
    <a href="https://www.owasp.org/index.php/SQL_Injection">SQL Injection - OWASP</a><br>
    
    <a href="http://bobby-tables.com/">Bobby Tables: A guide to preventing SQL injection</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_92"><b>
        
        /Login.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>URL encoded POST input <strong><span class="bb-dark">tfUName</span></strong> was set to <strong><span class="bb-dark">APZxjI5e&#x27;; waitfor delay &#x27;0:0:0&#x27; -- </span></strong><br/><br/> Tests performed:  <ul>    <li>b2oyNzD8&#x27;; waitfor delay &#x27;0:0:3&#x27; --  =&gt; <strong>3.546</strong></li>    <li>A7bBcyOE&#x27;; waitfor delay &#x27;0:0:6&#x27; --  =&gt; <strong>6.546</strong></li>    <li>ZbL9s6LR&#x27;; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.563</strong></li>    <li>xauwQ9OO&#x27;; waitfor delay &#x27;0:0:9&#x27; --  =&gt; <strong>9.552</strong></li>    <li>ChJGvL2j&#x27;; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.569</strong></li>    <li>ZXKsh5Z2&#x27;; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.535</strong></li>    <li>w6yM5I2I&#x27;; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.555</strong></li>    <li>cREC7xzo&#x27;; waitfor delay &#x27;0:0:6&#x27; --  =&gt; <strong>6.56</strong></li>    <li>APZxjI5e&#x27;; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.539</strong></li>  </ul> <br/><br/>Original value: <strong>g00dPa$$w0rD</strong></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">POST /Login.asp?RetURL=ikgzMOBX HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=DNKJOCPAABCMFBJCNKPFOFFA
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 78
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
tfUName=APZxjI5e&apos;;%20waitfor%20delay%20&apos;0:0:0&apos;%20--%20&amp;tfUPass=/Default.asp%3F</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_112"><b>
        
        /showforum.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>URL encoded GET input <strong><span class="bb-dark">id</span></strong> was set to <strong><span class="bb-dark">-1 OR 3*2*1=6 AND 00029=00029 -- </span></strong><br/><br/> Tests performed:  <ul>    <li>-1 OR 2+29-29-1=0+0+0+1 --  =&gt; <strong>TRUE</strong></li>    <li>-1 OR 3+29-29-1=0+0+0+1 --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2&lt;(0+5+29-29) --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2&gt;(0+5+29-29) --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 2+1-1-1=1 AND 00029=00029 --  =&gt; <strong>TRUE</strong></li>    <li>-1 OR 00029=00029 AND 3+1-1-1=1 --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2=5 AND 00029=00029 --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2=6 AND 00029=00029 --  =&gt; <strong>TRUE</strong></li>    <li>-1 OR 3*2*0=6 AND 00029=00029 --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2*1=6 AND 00029=00029 --  =&gt; <strong>TRUE</strong></li>  </ul> <br/><br/>Original value: <strong>0</strong></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /showforum.asp?id=-1%20OR%203*2*1=6%20AND%2000029=00029%20--%20 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=GOCJOCPAOMKGFJKHBKDBFDOE
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_112"><b>
        
        /showforum.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>URL encoded GET input <strong><span class="bb-dark">id</span></strong> was set to <strong><span class="bb-dark">-1 OR 3*2*1=6 AND 000197=000197 -- </span></strong><br/><br/> Tests performed:  <ul>    <li>-1 OR 2+197-197-1=0+0+0+1 --  =&gt; <strong>TRUE</strong></li>    <li>-1 OR 3+197-197-1=0+0+0+1 --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2&lt;(0+5+197-197) --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2&gt;(0+5+197-197) --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 2+1-1-1=1 AND 000197=000197 --  =&gt; <strong>TRUE</strong></li>    <li>-1 OR 000197=000197 AND 3+1-1-1=1 --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2=5 AND 000197=000197 --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2=6 AND 000197=000197 --  =&gt; <strong>TRUE</strong></li>    <li>-1 OR 3*2*0=6 AND 000197=000197 --  =&gt; <strong>FALSE</strong></li>    <li>-1 OR 3*2*1=6 AND 000197=000197 --  =&gt; <strong>TRUE</strong></li>  </ul> <br/><br/>Original value: <strong>Mr.</strong></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">POST /showforum.asp?id=-1%20OR%203*2*1=6%20AND%20000197=000197%20--%20 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=BIMJOCPAFGNIDFOMGPCNIJJA
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 22
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
tfSubject=555&amp;tfText=1</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_302"><b>
        
        /showthread.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>URL encoded GET input <strong><span class="bb-dark">id</span></strong> was set to <strong><span class="bb-dark">-1; waitfor delay &#x27;0:0:0&#x27; -- </span></strong><br/><br/> Tests performed:  <ul>    <li>-1; waitfor delay &#x27;0:0:3&#x27; --  =&gt; <strong>3.245</strong></li>    <li>-1; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.253</strong></li>    <li>-1; waitfor delay &#x27;0:0:9&#x27; --  =&gt; <strong>9.261</strong></li>    <li>-1; waitfor delay &#x27;0:0:6&#x27; --  =&gt; <strong>6.244</strong></li>    <li>-1; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.228</strong></li>    <li>-1; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.231</strong></li>    <li>-1; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.243</strong></li>    <li>-1; waitfor delay &#x27;0:0:6&#x27; --  =&gt; <strong>6.237</strong></li>    <li>-1; waitfor delay &#x27;0:0:0&#x27; --  =&gt; <strong>0.238</strong></li>  </ul> <br/><br/>Original value: <strong>0</strong></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /showthread.asp?id=-1;%20waitfor%20delay%20&apos;0:0:0&apos;%20--%20 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=DNKJOCPAABCMFBJCNKPFOFFA
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Cross site scripting
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            High
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerScheme/XSS.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user.<br/><br/>

Furthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Apply context-dependent encoding and/or validation to user input rendered on a page
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="https://www.acunetix.com/websitesecurity/cross-site-scripting/">Cross-site Scripting (XSS) Attack - Acunetix</a><br>
    
    <a href="https://www.acunetix.com/websitesecurity/xss/">Types of XSS - Acunetix</a><br>
    
    <a href="http://www.owasp.org/index.php/Cross_Site_Scripting">Cross-site Scripting - OWASP</a><br>
    
    <a href="https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet">XSS Filter Evasion Cheat Sheet</a><br>
    
    <a href="https://excess-xss.com/">Excess XSS, a comprehensive tutorial on cross-site scripting</a><br>
    
    <a href="http://en.wikipedia.org/wiki/Cross-site_scripting ">Cross site scripting</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_89"><b>
        
        /Search.asp
        
    </b></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Verified vulnerability</td></tr>
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>   URL encoded GET input <strong><span class="bb-dark">tfSearch</span></strong> was set to <strong><span class="bb-dark">1&quot;&gt;&lt;script&gt;RsHD(9194)&lt;/script&gt;</span></strong><br/>   <br/>The input is reflected inside a tag parameter between double quotes. </td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Search.asp?tfSearch=1&quot;&gt;&lt;script&gt;RsHD(9194)&lt;/script&gt; HTTP/1.1
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=BIMJOCPAFGNIDFOMGPCNIJJA
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_89"><b>
        
        /Search.asp
        
    </b></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Verified vulnerability</td></tr>
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>   URL encoded GET input <strong><span class="bb-dark">tfSearch</span></strong> was set to <strong><span class="bb-dark">1&quot;&gt;&lt;script&gt;4ufZ(9208)&lt;/script&gt;</span></strong><br/>   <br/>The input is reflected inside a tag parameter between double quotes. </td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Search.asp?tfSearch=1&quot;&gt;&lt;script&gt;4ufZ(9208)&lt;/script&gt;&amp;tfSearch=the HTTP/1.1
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=BIMJOCPAFGNIDFOMGPCNIJJA
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_89"><b>
        
        /Search.asp
        
    </b></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Verified vulnerability</td></tr>
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>   URL encoded GET input <strong><span class="bb-dark">tfSearch</span></strong> was set to <strong><span class="bb-dark">the&quot;&gt;&lt;script&gt;obUH(9845)&lt;/script&gt;</span></strong><br/>   <br/>The input is reflected inside a tag parameter between double quotes. </td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Search.asp?tfSearch=the&quot;&gt;&lt;script&gt;obUH(9845)&lt;/script&gt; HTTP/1.1
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=BIMJOCPAFGNIDFOMGPCNIJJA
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Directory traversal
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            High
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerScheme/Directory_Traversal.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    This script is possibly vulnerable to directory traversal attacks.<br/><br/>Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories. As a result, attackers might view restricted files or execute commands, leading to a full compromise of the Web server.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Your script should filter metacharacters from user input.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="http://www.acunetix.com/websitesecurity/directory-traversal/">Acunetix Directory Traversal Attacks</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_76"><b>
        
        /Templatize.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>URL encoded GET input <strong><span class="bb-dark">item</span></strong> was set to <strong><span class="bb-dark">../../../../../../../../../../windows/win.ini</span></strong><br/><br/> File contents found: <pre><span class="bb-blue">; for 16-bit app support</span></pre> </td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Templatize.asp?item=../../../../../../../../../../windows/win.ini HTTP/1.1
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=EDGJOCPAGAKMGFPIJGHNODFC
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Script source code disclosure
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            High
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerScheme/Script_Source_Code_Disclosure.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    It is possible to read the source code of this script by using script filename as a parameter. It seems that this script includes a file which name is determined using user-supplied data. This data is not properly validated before being passed to the include function. 
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    An attacker can gather sensitive information (database connection strings, application logic) by analyzing the source code. This information can be used to launch further attacks.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Analyze the source code of this script and solve the problem.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="http://www.imperva.com/resources/glossary?term=source_code_disclosure">Source Code Disclosure</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_76"><b>
        
        /Templatize.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>URL encoded GET input <strong><span class="bb-dark">item</span></strong> was set to <strong><span class="bb-dark">Templatize.asp</span></strong><br/> Pattern found: <pre><span class="bb-blue">&lt;%@LANGUAGE=&quot;VBSCRIPT&quot; CODEPAGE=&quot;1252&quot;%&gt;
&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot; &quot;http://www.w3.org/TR/html4/loose.dtd&quot;&gt;
&lt;html&gt;&lt;!-- InstanceBegin template=&quot;/Templates/MainTemplate.dwt.asp&quot; codeOutsideHTMLIsLocked=&quot;false&quot; --&gt;
&lt;head&gt;
&lt;!-- InstanceBeginEditable name=&quot;doctitle&quot; --&gt;
&lt;title&gt;Untitled Document&lt;/title&gt;
&lt;!-- InstanceEndEditable --&gt;
&lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=iso-8859-1&quot;&gt;
&lt;!-- InstanceBeginEditable name=&quot;head&quot; --&gt;&lt;!-- InstanceEndEditable ... </span></pre> </td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Templatize.asp?item=Templatize.asp HTTP/1.1
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=EDGJOCPAGAKMGFPIJGHNODFC
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Weak password
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            High
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerScheme/Html_Authentication_Audit.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    This page is using a weak password. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    An attacker may access the contents of the password-protected page.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="http://en.wikipedia.org/wiki/Password_strength">Wikipedia - Password strength</a><br>
    
    <a href="http://www.acunetix.com/websitesecurity/authentication/">Authentication Hacking Attacks</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_92"><b>
        
        /Login.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>Username: <strong><span class="bb-dark">admin</span></strong>, Password: <strong><span class="bb-dark">none</span></strong>.</td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">POST /Login.asp?RetURL=ikgzMOBX HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 26
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
tfUName=admin&amp;tfUPass=none</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    HTML form without CSRF protection
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Medium
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Crawler/12-Crawler_Form_NO_CSRF.js
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    <div class="bb-coolbox"><span class="bb-dark">This alert requires manual confirmation</span></div><br/>

Cross-Site Request Forgery (CSRF, or XSRF) is a vulnerability wherein an attacker tricks a victim into making a request the victim did not intend to make. Therefore, with CSRF, an attacker abuses the trust a web application has with a victim's browser.<br/><br/>

Acunetix found an HTML form with no apparent anti-CSRF protection implemented. Consult the 'Attack details' section for more information about the affected HTML form.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    An attacker could use CSRF to trick a victim into accessing a website hosted by the attacker, or clicking a URL containing malicious or unauthorized requests.<br/><br/>

CSRF is a type of 'confused deputy' attack which leverages the authentication and authorization of the victim when the forged request is being sent to the web server. Therefore, if a CSRF vulnerability could affect highly privileged users such as administrators full application compromise may be possible.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Verify if this form requires anti-CSRF protection and implement CSRF countermeasures if necessary.<br/><br/>

The recommended and the most widely used technique for preventing CSRF attacks is know as an anti-CSRF token, also sometimes referred to as a synchronizer token. The characteristics of a well designed anti-CSRF system involve the following attributes.<br/><br/>

<ul>
  <li>The anti-CSRF token should be unique for each user session</li>
  <li>The session should automatically expire after a suitable amount of time</li>
  <li>The anti-CSRF token should be a cryptographically random value of significant length</li>
  <li>The anti-CSRF token should be cryptographically secure, that is, generated by a strong Pseudo-Random Number Generator (PRNG) algorithm</li>
  <li>The anti-CSRF token is added as a hidden field for forms, or within URLs (only necessary if GET requests cause state changes, that is, GET requests are not idempotent)</li>
  <li>The server should reject the requested action if the anti-CSRF token fails validation</li>
</ul><br/>

When a user submits a form or makes some other authenticated request that requires a Cookie, the anti-CSRF token should be included in the request. Then, the web application will then verify the existence and correctness of this token before processing the request. If the token is missing or incorrect, the request can be rejected.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="https://www.acunetix.com/websitesecurity/csrf-attacks/">What is Cross Site Reference Forgery (CSRF)?</a><br>
    
    <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet">Cross-Site Request Forgery (CSRF) Prevention Cheatsheet</a><br>
    
    <a href="http://www.cgisecurity.com/csrf-faq.html">The Cross-Site Request Forgery (CSRF/XSRF) FAQ</a><br>
    
    <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">Cross-site Request Forgery</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_2"><b>
        
        Web Server
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Search.asp HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GCJJOCPACKFHCGALHPHFGPCB
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_92"><b>
        
        /Login.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Login.asp?RetURL=/Default.asp%3F HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GOCJOCPAOMKGFJKHBKDBFDOE
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_102"><b>
        
        /Register.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Register.asp?RetURL=/Default.asp%3F HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GOCJOCPAOMKGFJKHBKDBFDOE
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_89"><b>
        
        /Search.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Search.asp?tfSearch= HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=DNKJOCPAABCMFBJCNKPFOFFA
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_112"><b>
        
        /showforum.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /showforum.asp?id=1 HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GCJJOCPACKFHCGALHPHFGPCB
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    URL redirection
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Medium
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerScheme/XFS_and_Redir.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    This script is possibly vulnerable to URL redirection attacks. <br/><br/>URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    A remote attacker can redirect users from your website to a specified URL. This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Your script should properly sanitize user input.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet">Unvalidated Redirects and Forwards Cheat Sheet</a><br>
    
    <a href="http://packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf">HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_748"><b>
        
        /Logout.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>URL encoded GET input <strong><span class="bb-dark">RetURL</span></strong> was set to <strong><span class="bb-dark">http://xfs.bxss.me</span></strong><br/>  </td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Logout.asp?RetURL=http://xfs.bxss.me HTTP/1.1
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=BIMJOCPAFGNIDFOMGPCNIJJA
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    User credentials are sent in clear text
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Medium
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Crawler/12-Crawler_User_Credentials_Plain_Text.js
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Because user credentials are considered sensitive information, should always be transferred to the server over an encrypted connection (HTTPS).
</p>



<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_2"><b>
        
        Web Server
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Register.asp HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GCJJOCPACKFHCGALHPHFGPCB
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_92"><b>
        
        /Login.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Login.asp?RetURL=/Default.asp%3F HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GOCJOCPAOMKGFJKHBKDBFDOE
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_102"><b>
        
        /Register.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Register.asp?RetURL=/Default.asp%3F HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GOCJOCPAOMKGFJKHBKDBFDOE
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    ASP.NET version disclosure
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Low
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerServer/ASP_NET_Error_Message.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    The HTTP responses returned by this web application include anheader named <strong>X-AspNet-Version</strong>. The value of this header is used by Visual Studio to determine which version of ASP.NET is in use. It is not necessary for production sites and should be disabled.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    The HTTP header may disclose sensitive information. This information can be used to launch further attacks.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Apply the following changes to the web.config file to prevent ASP.NET version disclosure:
<pre>
&lt;System.Web&gt;
 &lt;httpRuntime enableVersionHeader=&quot;false&quot; /&gt;
&lt;/System.Web&gt;
</pre>
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.enableversionheader.aspx">HttpRuntimeSection.EnableVersionHeader Property</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_2"><b>
        
        Web Server
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>Version information found: <pre><span class="bb-blue">2.0.50727</span></pre></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /|~.aspx HTTP/1.1
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Clickjacking: X-Frame-Options header missing
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Low
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerServer/Clickjacking_X_Frame_Options.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. <br/><br/>
The server didn't return an <strong>X-Frame-Options</strong> header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    The impact depends on the affected web application. 
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Configure your web server to include an  X-Frame-Options header. Consult Web references for more information about the possible values for this header.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options">The X-Frame-Options response header</a><br>
    
    <a href="http://en.wikipedia.org/wiki/Clickjacking">Clickjacking</a><br>
    
    <a href="https://www.owasp.org/index.php/Clickjacking">OWASP Clickjacking</a><br>
    
    <a href="https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#Defending_with_Content_Security_Policy_frame-ancestors_directive">Defending with Content Security Policy frame-ancestors directive</a><br>
    
    <a href="http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed">Frame Buster Buster</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_2"><b>
        
        Web Server
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET / HTTP/1.1
Connection: keep-alive
Cookie: ASPSESSIONIDAQQQADDT=GOCJOCPAOMKGFJKHBKDBFDOE
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Login page password-guessing attack
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Low
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerScheme/Html_Authentication_Audit.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. <br/><br/>

This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and symbols until it discovers the one correct combination that works.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="http://www.owasp.org/index.php/Blocking_Brute_Force_Attacks">Blocking Brute Force Attacks</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_92"><b>
        
        /Login.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>The scanner tested 10 invalid credentials and no account lockout was detected.</td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">POST /Login.asp?RetURL=ikgzMOBX HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 33
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
tfUName=q2YledCo&amp;tfUPass=KKRMIQPB</code></td></tr>
</table>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_102"><b>
        
        /Register.asp
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>The scanner tested 10 invalid credentials and no account lockout was detected.</td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">POST /Register.asp?RetURL=sample%40email.tst HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://testasp.vulnweb.com/
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 97
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
tfEmail=hQ74MV9t%40testasp.vulnweb.com&amp;tfRName=ikgzMOBX&amp;tfUName=g00dPa%24%24w0rD&amp;tfUPass=uTr021l6</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Content Security Policy (CSP) not implemented
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Informational
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /httpdata/CSP_not_implemented.js
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. <br/><br/>

Content Security Policy (CSP) can be implemented by adding a <strong>Content-Security-Policy</strong> header. The value of this header is a string containing the policy directives describing your Content Security Policy. To implement CSP, you should define lists of allowed origins for the all of the types of resources that your site utilizes. For example, if you have a simple site that needs to load scripts, stylesheets, and images hosted locally, as well as from the jQuery library from their CDN, the CSP header could look like the following:

<pre><code>
Content-Security-Policy:
    default-src 'self';
    script-src 'self' https://code.jquery.com;
</code></pre>

<br/><br/>

It was detected that your web application doesn't implement Content Security Policy (CSP) as the CSP header is missing from the response. It's recommended to implement Content Security Policy (CSP) into your web application.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as cross-site scripting/XSS attacks, attacks that require embedding a malicious resource, attacks that involve malicious use of iframes, such as clickjacking attacks, and others. 
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    It's recommended to implement Content Security Policy (CSP) into your web application. Configuring Content Security Policy involves adding the <strong>Content-Security-Policy</strong> HTTP header to a web page and giving it values to control resources the user agent is allowed to load for that page. 
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">Content Security Policy (CSP)</a><br>
    
    <a href="https://hacks.mozilla.org/2016/02/implementing-content-security-policy/">Implementing Content Security Policy</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_2"><b>
        
        Web Server
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET / HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GOCJOCPAOMKGFJKHBKDBFDOE
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Microsoft IIS version disclosure
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Informational
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Scripts/PerServer/ASP_NET_Error_Message.script
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    The HTTP responses returned by this web application include a header named <strong>Server</strong>. The value of this header includes the version of Microsoft IIS server.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    The HTTP header may disclose sensitive information. This information can be used to launch further attacks.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    Microsoft IIS should be configured to remove unwanted HTTP response headers from the response. Consult web references for more information.
</p>


<h4 class="ax-section-title">
    References
</h4>

<p>
    
    <a href="http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx">Remove Unwanted HTTP Response Headers</a><br>
    
</p>


<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_2"><b>
        
        Web Server
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td>Version information found: <pre><span class="bb-blue">Microsoft-IIS/8.5</span></pre></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /|~.aspx HTTP/1.1
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
</code></td></tr>
</table>











    <h3 class="ax-section-title ax-section-title--big">
    
        <img src="">
    
    Password type input with auto-complete enabled
</h3>

<table border="1" class="ax-alert-info">
    <tr>
        <td>
            Severity
        </td>
        <td class="ax-alert-info__severity_value">
            Informational
        </td>
    </tr>
    <tr>
        <td>
            Reported by module
        </td>
        <td>
            /Crawler/12-Crawler_Password_Input_Autocomplete.js
        </td>
    </tr>
</table>

<h4 class="ax-section-title">
    Description
</h4>

<p>
    
    When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved.Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
    
</p>

<h4 class="ax-section-title">
    Impact
</h4>

<p>
    Possible sensitive information disclosure.
</p>

<h4 class="ax-section-title">
    Recommendation
</h4>

<p>
    The password auto-complete should be disabled in sensitive applications. <br/>To disable auto-complete, you may use a code similar to: <pre><code>&lt;INPUT TYPE=&quot;password&quot; AUTOCOMPLETE=&quot;off&quot;&gt;</code></pre>
</p>



<h4 class="ax-section-title">
    Affected items
</h4>











    <table border="1" style="table-layout: fixed">
    <tr><td class="ax-affected-item__highlight--dark" id="link_id_2"><b>
        
        Web Server
        
    </b></td></tr>
    
    <tr><td class="ax-affected-item__highlight--light">Details</td></tr>
    <tr><td></td></tr>
    <tr><td class="ax-affected-item__highlight--light">Request headers</td></tr>
    <tr><td><code style="white-space: pre-line">GET /Login.asp?RetURL=/Default.asp%3F HTTP/1.1
Cookie: ASPSESSIONIDAQQQADDT=GOCJOCPAOMKGFJKHBKDBFDOE
Accept: */*
Accept-Encoding: gzip,deflate
Host: testasp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
</code></td></tr>
</table>











    <h3 class="page-break ax-section-title">
    Scanned items (coverage report)
</h3>












    
    <font color="red">http://testasp.vulnweb.com/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/Default.asp</font><br>













    
    <font color="green">http://testasp.vulnweb.com/Images/</font><br>













    
    <font color="red">http://testasp.vulnweb.com/Login.asp</font><br>













    
    <font color="red">http://testasp.vulnweb.com/Logout.asp</font><br>













    
    <font color="red">http://testasp.vulnweb.com/Register.asp</font><br>













    
    <font color="red">http://testasp.vulnweb.com/Search.asp</font><br>













    
    <font color="red">http://testasp.vulnweb.com/Templatize.asp</font><br>













    
    <font color="green">http://testasp.vulnweb.com/avatars/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/html/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/html/about.html</font><br>













    
    <font color="green">http://testasp.vulnweb.com/ikgzMOBX</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/langs/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/langs/en.js</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/themes/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/themes/simple/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/themes/simple/css/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/themes/simple/css/editor_content.css</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/themes/simple/css/editor_ui.css</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/themes/simple/editor_template.js</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/themes/simple/images/</font><br>













    
    <font color="green">http://testasp.vulnweb.com/jscripts/tiny_mce/tiny_mce.js</font><br>













    
    <font color="red">http://testasp.vulnweb.com/showforum.asp</font><br>













    
    <font color="red">http://testasp.vulnweb.com/showthread.asp</font><br>













    
    <font color="green">http://testasp.vulnweb.com/styles.css</font><br>













    </body>
</html>
